On 2021-05-04 20:19, Michael Wang wrote:
It seems that this should be a common question, but I did not find a
definite answer via Google search. I saw solutions to only scan files
in the last 60 days, but it is not difficult for a virus file to
change date, isn't it? I can think of to maintain hash table with file
name and its checksum, but looks like this should be a functionality
of the clamav itself. How do you do it? Just do a full scan every
time? Thanks.
fun part is that clamdscan needs root access, stupid
virus scanning must not be done as root user, else one knows why its
unsecure on unpacking
already files stored as non root users can only be changed by same user
if its malware, this includes change time stamps
as non root, isssue a touch malwarefile.exe, new upload
hope clamav team redo this insecure in clamdscan
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
